as-built-architecture

Pass

Audited by Gen Agent Trust Hub on Jun 16, 2026

Risk Level: SAFE
Full Analysis
  • [EXTERNAL_DOWNLOADS]: The skill references and utilizes several well-known developer tools (e.g., semgrep, playwright, mermaid-cli). These are invoked via standard package managers like npx, ensuring they are retrieved from official registries for analytical purposes.
  • [COMMAND_EXECUTION]: To map the repository, the skill runs local commands such as git status, rg, and existing project scripts. The instructions emphasize using read-only or non-destructive commands by default and require explicit user approval for any operations that modify the system or interact with external services.
  • [PROMPT_INJECTION]: The skill is designed to analyze third-party codebases, which introduces an inherent surface for indirect prompt injection. This is addressed through clear instructions to escape all repository content and sanitize generated SVG diagrams (specifically removing and tags) before inclusion in the final HTML report.
  • Ingestion points: Source code, manifests, and documentation files from the target repository being analyzed.
  • Boundary markers: No specific delimiters are used within the agent's internal reasoning, but high-confidence findings are prioritized based on direct code evidence.
  • Capability inventory: Shell command execution, package installation (if permitted), and file system reads defined in SKILL.md.
  • Sanitization: Mandatory escaping of code snippets and command output, and rigorous filtering of dangerous elements in rendered diagrams to prevent cross-site scripting (XSS) in the report artifact.
Audit Metadata
  • Risk Level: SAFE
  • Analyzed: Jun 16, 2026, 07:22 PM
Security Audit — agent-trust-hub — as-built-architecture